mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
lib/crypto: Use GnuTLS RC4 for samba_gnutls_arcfour_confounded_md5()
This allows Samba to use GnuTLS for drsuapi_{en,de}crypt_attribute_value() Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
parent
d5856b993e
commit
ad4505624e
@ -36,19 +36,22 @@
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <gnutls/crypto.h>
|
||||
#include "gnutls_helpers.h"
|
||||
#include "arcfour.h"
|
||||
#include "lib/util/memory.h"
|
||||
|
||||
int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
|
||||
const DATA_BLOB *key_input2,
|
||||
DATA_BLOB *data)
|
||||
DATA_BLOB *data,
|
||||
enum samba_gnutls_direction encrypt)
|
||||
{
|
||||
int rc;
|
||||
gnutls_hash_hd_t hash_hnd = NULL;
|
||||
uint8_t confounded_key[16];
|
||||
DATA_BLOB confounded_key_as_blob
|
||||
= data_blob_const(confounded_key,
|
||||
sizeof(confounded_key));
|
||||
gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||
gnutls_datum_t confounded_key_datum = {
|
||||
.data = confounded_key,
|
||||
.size = sizeof(confounded_key),
|
||||
};
|
||||
|
||||
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||
if (rc < 0) {
|
||||
return rc;
|
||||
@ -64,12 +67,27 @@ int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
|
||||
return rc;
|
||||
}
|
||||
|
||||
gnutls_hash_deinit(hash_hnd, confounded_key_as_blob.data);
|
||||
gnutls_hash_deinit(hash_hnd, confounded_key);
|
||||
|
||||
arcfour_crypt_blob(data->data, data->length,
|
||||
&confounded_key_as_blob);
|
||||
rc = gnutls_cipher_init(&cipher_hnd,
|
||||
GNUTLS_CIPHER_ARCFOUR_128,
|
||||
&confounded_key_datum,
|
||||
NULL);
|
||||
if (rc < 0) {
|
||||
return rc;
|
||||
}
|
||||
|
||||
if (encrypt == SAMBA_GNUTLS_ENCRYPT) {
|
||||
rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||
data->data,
|
||||
data->length);
|
||||
} else {
|
||||
rc = gnutls_cipher_decrypt(cipher_hnd,
|
||||
data->data,
|
||||
data->length);
|
||||
}
|
||||
gnutls_cipher_deinit(cipher_hnd);
|
||||
ZERO_ARRAY(confounded_key);
|
||||
|
||||
return 0;
|
||||
return rc;
|
||||
}
|
||||
|
@ -37,8 +37,14 @@ WERROR _gnutls_error_to_werror(int gnutls_rc,
|
||||
_gnutls_error_to_werror(gnutls_rc, blocked_werr, \
|
||||
__FUNCTION__, __location__)
|
||||
|
||||
enum samba_gnutls_direction {
|
||||
SAMBA_GNUTLS_ENCRYPT,
|
||||
SAMBA_GNUTLS_DECRYPT
|
||||
};
|
||||
|
||||
int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
|
||||
const DATA_BLOB *key_input2,
|
||||
DATA_BLOB *data);
|
||||
DATA_BLOB *data,
|
||||
enum samba_gnutls_direction encrypt);
|
||||
|
||||
#endif /* _GNUTLS_HELPERS_H */
|
||||
|
@ -10,7 +10,7 @@ bld.SAMBA_SUBSYSTEM('GNUTLS_HELPERS',
|
||||
gnutls_error.c
|
||||
gnutls_arcfour_confounded_md5.c
|
||||
''',
|
||||
deps='gnutls samba-errors LIBCRYPTO');
|
||||
deps='gnutls samba-errors');
|
||||
|
||||
bld.SAMBA_SUBSYSTEM('LIBCRYPTO',
|
||||
source='''md4.c arcfour.c
|
||||
|
@ -88,7 +88,8 @@ static WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
||||
|
||||
rc = samba_gnutls_arcfour_confounded_md5(gensec_skey,
|
||||
&confounder,
|
||||
&dec_buffer);
|
||||
&dec_buffer,
|
||||
SAMBA_GNUTLS_DECRYPT);
|
||||
if (rc < 0) {
|
||||
result = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
|
||||
goto out;
|
||||
@ -302,7 +303,8 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
||||
|
||||
rc = samba_gnutls_arcfour_confounded_md5(gensec_skey,
|
||||
&confounder,
|
||||
&to_encrypt);
|
||||
&to_encrypt,
|
||||
SAMBA_GNUTLS_ENCRYPT);
|
||||
if (rc < 0) {
|
||||
result = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
|
||||
goto out;
|
||||
|
Loading…
Reference in New Issue
Block a user